Compliance as a standing posture, not an annual emergency.
We guide organizations through compliance programs from initial gap assessment through certification and ongoing maintenance. Whether the driver is a client requirement, a regulatory mandate, or your own growth strategy, we know the path and we’ll get you there efficiently.
Audit Standards
SOC 2 Type 1 & 2
Full lifecycle support — scoping, controls architecture, evidence collection, audit liaison, and ongoing compliance maintenance.
ISO 27001
ISMS design and implementation, internal audit facilitation, certification preparation, and surveillance audit support.
Defense, Federal & Criminal Justice
CJIS Security Policy
Compliance programs for organizations accessing criminal justice information — covering the expanded v6.0 requirements across 20 policy areas for law enforcement, courts, corrections, and dispatch systems.
CMMC 2.0
Level 1 and Level 2 readiness — gap assessment, architecture design, control implementation, and C3PAO assessment support.
NIST SP 800-171
CUI protection programs aligned with the 110 controls across 14 families, including SSP development and POA&M management.
NIST SP 800-53
Comprehensive security and privacy control implementation for federal information systems.
FedRAMP
Cloud service provider authorization support including boundary definition, control implementation, and continuous monitoring.
DFARS / FISMA
Defense and federal compliance programs for contractors and agencies handling controlled information.
IRS Publication 1075
Security programs for entities receiving or processing Federal Tax Information — applicable to government finance, revenue, and social services functions.
Security Frameworks
NIST Cybersecurity Framework (CSF)
Risk-based framework implementation covering Identify, Protect, Detect, Respond, and Recover functions.
CIS Controls v8
Prioritized security control implementation aligned with the Center for Internet Security’s prescriptive guidance.
Industry Regulations
PCI DSS
Compliance programs for organizations processing, storing, or transmitting cardholder data — covering gap assessments, control implementation, and ongoing validation requirements.
HIPAA
Healthcare security and privacy compliance including risk assessments, safeguards implementation, and breach readiness.
FFIEC / GLBA
Financial institution cybersecurity programs aligned with examination expectations and safeguards requirements.
FTC Safeguards Rule
Information security programs meeting FTC requirements for financial institutions and service providers.
SEC Cybersecurity Rules
Compliance with SEC disclosure requirements and cybersecurity risk management programs.
GDPR
Data protection and privacy programs for organizations handling EU personal data.